Sandra Steinbrecher
Dresden University of Technology
Publication
Featured research published by Sandra Steinbrecher.
information security | 2006
Sandra Steinbrecher
Reputation systems play an important role in Internet communities like eBay. They allow members of the community to estimate other members’ behaviour before an interaction. Unfortunately the design of current reputation systems allows to generate user profiles including all contexts the user has been involved in. A more privacy-enhancing design of reputation systems is needed while keeping the trust provided to the members by the use of reputations. We will present design options for such a system and analyse the privacy it provides with common information-theoretic models. The analysis of our reputation system also allows to analyse similar aspects of privacy in other systems, especially privacy-enhancing identity management.
trust and privacy in digital business | 2008
Franziska Pingel; Sandra Steinbrecher
The Internet gives people various possibilities to interact with each other. Many interactions need trust that interactors behave in a way one expects them to do. If people are able to build reputation about their past behaviour this might help others to estimate their future behaviour. Reputation systems were designed to store and manage these reputations in a technically efficient way. Most reputation systems were designed for the use in single Internet communities although there are similarities between communities. In this paper we present a multilateral secure reputation system that allows to collect and use reputation in a set of communities interoperable with the reputation system. We implemented our system for the community software phpBB.
Information Security Technical Report | 2008
Marit Hansen; Andreas Pfitzmann; Sandra Steinbrecher
Identity management has to comprise all areas of life throughout one's whole lifetime to gain full advantages, e.g., ease-of-use for all kinds of digital services, authenticity and authorisation, reputation and user-controlled privacy. To help lay the foundations for identity management applicable to people's whole life, we describe the formation of digital identities happening numerous times within one's physical life, i.e., their establishment, evolvement and termination, and derive building blocks for managing these digital identities from the needs of individuals and of society. The identity attributes occurring and developing can be categorised according to their sensitiveness and the security requirements individuals have regarding them. We give an analysis of the sensitivity of identities and their attributes w.r.t. privacy and security both from a legal and individuals' perspective. This leads to how systems for identity management throughout one's whole life should be designed using the building blocks derived.
IFIP Summer School on the Future of Identity in the Information Society | 2008
Sandra Steinbrecher
With the increasing possibilities for interaction between Internet users exceeding pure communication, in multilateral security the research question arises to rethink and extend classical security requirements. Reputation systems are a possible solution to assist new security requirements. But naturally also reputation systems have to be designed in a multilateral secure way. In this paper we discuss both multilateral security by and in reputation systems. An overview on the possibilities how such systems could be realised is given.
Information Security Technical Report | 2006
Katrin Borcea-Pfitzmann; Marit Hansen; Katja Liesebach; Andreas Pfitzmann; Sandra Steinbrecher
To enable trustworthy privacy, identity management has to be user-controlled, i.e. each user administrates his/her partial identities being supported by an identity management system running on his/her machines under his/her control. Past work on user-controlled identity management focused on isolated users administrating their partial identities mainly used towards organizations, e.g., shops, public administrations and the like. But users intensively interact with other users as well. Additionally, these interactions are not only direct, but indirect, too, as, e.g., within communities. A universally usable identity management meta-system (IMMS) will have to be able to handle and combine all interactions possible. For the sake of privacy, users interacting with organizations might minimize the personal information transmitted in the context of AAA (authentication, authorization, and accounting) without losing functionality. But users interacting with other users, in particular within a community, have to share additional supportive information, e.g., awareness information. Otherwise, neither a community nor team spirit will develop. Balancing privacy and functionality in communities is a current research question. Therefore, an IMMS has to be flexible enough to incorporate new knowledge and demands as they develop.
conference on current trends in theory and practice of informatics | 2011
Stefan Schiffner; Sebastian Clauß; Sandra Steinbrecher
In various Internet applications, reputation systems are typical means to collect experiences users make with each other. We present a reputation system that balances the security and privacy requirements of all users involved. Our system provides privacy in the form of information theoretic relationship anonymity w.r.t. users and the reputation provider. Furthermore, it preserves liveliness, i.e., all past ratings can influence the current reputation profile of a user. In addition, mutual ratings are forced to be simultaneous and self rating is prevented, which enforces fairness. What is more, without performing mock interactions--even if all users are colluding--users cannot forge ratings. As far as we know, this is the first protocol proposed that fulfills all these properties simultaneously.
database and expert systems applications | 2002
Ahmad-Reza Sadeghi; Matthias Schunter; Sandra Steinbrecher
For selling spectrum licenses economists have designed new auction types proceeding over several rounds and offering several licenses simultaneously. Communication between bidders usually is forbidden to prevent collusions (i.e., through separate compartments and supervision). We investigate these auctions from the cryptographic point of view and identify that the usual implementation by a succession of (traditional) sealed-bid auctions where the auctioneer announces at least the winner and winning bid of each round offers a covert channel to the bidders. The announcement should be limited to the minimum a bidder needs to know for taking part in the next round. We suggest that the bids made are kept private and she only gets to know which items she currently wins. Only at the end, overall winners and winning bids are revealed. We present a protocol based on a special sealed-bid auction that implements this idea.
Datenschutz Und Datensicherheit | 2007
Katrin Borcea-Pfitzmann; Marit Hansen; Katja Liesebach; Andreas Pfitzmann; Sandra Steinbrecher
Interacting in the Internet, users should be empowered to use only those subsets of their personal attributes, called partial identities, which are appropriate for the actual situation and context. Refraining from acting under few and easily linkable partial identities is a prerequisite for trustworthy privacy. Traditionally user-controlled identity management systems primarily support individuals interacting with organisations, but mainly ignore special needs which arise if individuals interact with each other. To support online communities those systems have to change.
information security conference | 2009
Sandra Steinbrecher; Stephan Groß; Markus Meichau
The recent development of the Internet, especially the expanding use of social software and dynamic content generation commonly termed as Web 2.0 enables users to find information about almost every possible topic on the Web. On the downside, it becomes more and more difficult to decide which information can be trusted in. In this paper we propose the enhancement of Web 2.0 by a scalable and secure cross-platform reputation system that takes into account a user’s social network. Our proposed solution Jason is based on standard methods of the semantic web and does not need a central entity. It enables the fast and flexible evaluation of arbitrary content on the World Wide Web. In contrast to many other reputation systems it provides mechanisms to ensure the authenticity of web content, thus, enabling the user to explicitly choose information published by trusted authors.
trust and privacy in digital business | 2004
Sandra Steinbrecher
Person-to-Person marketplaces have become quite popular on the Internet. Members of the communities established by these marketplaces may sell and buy items within the community. Naturally they have certain security requirements on every trade conducted within the community. We investigate these requirements and the possibility to fulfill them to guarantee multilateral security. eBay, one of the greatest auction providers, uses a reputation system to enhance trust in its marketplace. Unfortunately this system does not address privacy. We suggest how the use of other pseudonym types can increase privacy within a marketplace community like eBay while maintaining the same level of trust.